Medicaid breach draws anger and more words of warning

We really feel violated by the state of Utah and the fact that these people who are paid lots of money to protect our information have let us down.—79-year-old Murray resident

SALT LAKE CITY — Two 79-year-old Murray residents have shredded personal documents and guarded their Social Security numbers for years. They've been careful about utilizing credit services, saving their money and protecting it for their children.

But when computer hackers accessed a state server where the personal information of hundreds of thousands of individuals was being stored, all that effort was undone. Now Ralph and Betty, who spoke on condition their last names not be used, want someone to be held accountable for the mistake.

"We really feel violated by the state of Utah and the fact that these people who are paid lots of money to protect our information have let us down," Ralph said Wednesday. He said he would expect to pay for any mistake he was a part of and wants the Utah Department of Technology Services to make sure justice is done.

"It is hard to come this close to the end of your life and realize that everything you've worked for all your life may be gone because someone wasn't doing their job," he said.

He and his wife Wednesday attended the first of what is expected to be several public forums regarding the breach of Medicaid servers announced April 2. They said they have done all they can to ensure their information is safe, but they are irritated that their information was leaked in the first place.

They're not the only ones. More than 50 frustrated or confused individuals attended Wednesday's forum, officiated by Judi Hilman, executive director of the Utah Health Policy Project. She said she wants to help alleviate some of the confusion regarding information that has been distributed following the security breach.

"Digging out of this, unfortunately, will be a multi-year effort," Hilman said, adding that people need to feel safe and regain trust of the Medicaid, Medicare and Children's Health Insurance Program protocol in order for each to fulfill their purposes.

Utah Department of Health director David Patton said his own father was impacted by the breach. He reiterated that the department considers the issue "very serious."

"We are doing everything in our power to alleviate the pain that has been caused by this," he said, adding that approximately 20,000 of the 280,000 individuals whose Social Security numbers were stolen have activated free credit monitoring services provided by the state.

The department is still sending letters to those whose information was compromised. Patton said more than 275,000 letters have gone out so far. It is estimated that bits and pieces of the personal information of 780,000 people was hacked in late March, but about a third of the information was sensitive Social Security numbers, said Michael Hales, Utah Medicaid director.

Hales advised anyone worried about their credit to put a freeze on their accounts and even post a fraud alert with credit monitoring agencies. Information regarding the steps is included in the letters that are being sent. Additional information can be obtained by calling the state's hotline, at 1-855-238-3339, or online at www.health.utah.gov/databreach.

The state has contracted with the national credit bureau, Experian, to deliver services to impacted individuals. Services will be covered by the state for one year. The Utah Office of the Attorney General also offers services to protect children and adults from identity theft.

"People are confused and I'm worried because many people still have yet to take action," said Sheila Walsh-McDonald, Salt Lake Community Action Program’s low-income advocate for health care and tax policy.

Walsh-McDonald, along with Hilman and others, have recommended various initiatives to the health department to help deal with some of the ongoing issues, such as the cost incurred by freezing and thawing a credit account repeatedly, as well as what can be done for individuals wanting new Social Security numbers.

"It does become very concerning because you don't know how long it will be an issue," said Marilyn Albertson of Murray, who is helping to care for her elderly father. He was victimized by the breach and she said she is grateful that there are people trying to help.

"I appreciate the situation (the state) is in," Albertson said. "It wasn't anything that they intended to ever have happen."

Albertson said she also understands the variety of emotions experienced by those involved.

"Some people are feeling like they're getting answers to questions and the meeting is really intended to provide information and maybe bring forth strategies to handle this going forward," she said. "But I think on the part of some of the people in the room, and rightly so, they're feeling very angry and very betrayed by a system in their government that should have been protecting them and their identity."

Patton said the state accepts responsibility for the actions that led to the breach. Multiple internal and external investigations are ongoing, but he said action is first being taken to arm individuals with information to help themselves.

A longer-term focus will be taken once everyone impacted has been notified. The department is still searching for outstanding contact information on some individuals.

"We are in the mode of trying to help people, not trying to find culprits," he said. Patton told those in attendance, "I would not put any limit on what a hacker could do with your Social Security number."